I CLAIM: 

1. In a transaction involving a disclosure of confidential information by first parties to 
second parties, requiring the second parties to adopt security measures with respect to the 
handling of the information and periodically respond to requests of the first parties for assurances 
of the implementation and observance of the security measures, a method for providing the 
assurances to the first parties, comprising: 

arranging with a selected number of the second parties to acquire, compile and store in a 
database information regarding the security measures for each of the selected number of second 
parties; 

arranging with a selected number of the first parties subscription services providing the 
selected number of first parties with assurances of the security measures of the selected number 
of second parties upon request; and 

providing the assurances of the security measures of the selected number of second 
parties to the selected number of first parties. 

2. The method according to claim 1 further including updating the security measures 
information stored in the database for each vendor periodically. 

3. The method according to claim 1 further including updating the security measures 
information stored in the database upon a notification by a respective second party and 
verification by a third party. 
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4. The method according to claim 1 wherein the acquisition, compilation and storage of the 
security measures information of the selected number of second parties is performed at no cost to 
the selected number of second parties. 

5. The method according to claim 1 including rendering the subscription services for a fee. 

6. The method according to claim 1 further including providing a rating for each second 
party based upon a type of the confidential information and the security measures of the vendor. 

7. The method according to claim 1 further including providing a rating for each second 
party based upon the security measures of the vendor. 

8. A method for providing security information on a plurality of vendors to a plurality of 
clients, comprising: 

providing an assessment of security procedures for each of the plurality of vendors; 
storing each assessment in a vendor security database; 

providing access to the vendor security database to each client to allow each client to 
review the plurality of assessments. 

9. The method according to claim 8 wherein the assessment is provided at cost to the 
vendor. 
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10. The method according to claim 8 wherein the assessment is provided at for a fee to the 
vendor. 

11. The method according to claim 8 wherein the assessment is provided at no cost to the 
vendor. 

12. The method according to claim 8 wherein the access provided to each client is 
subscription services for a fee. 

13. The method according to claim 8 wherein the assessment is updated periodically. 

14. The method according to claim 8 wherein the assessment is updated whenever the vendor 
updates its security procedures, the updates are verified and provided to the VMS. 

15. The method according to claim 8 wherein each assessment comprises one or more of 
SAS70 reports, Penetration Reports, Information Security Policies, Computer Incident Response 
Policies, DR Plans, Business Resumption Plans, Insurance Coverages, 3 rd Party Vendor 
Management Policies & Programs and Annual Financial Reports. 

16. The method according to claim 8 further including providing a rating for each vendor 
based upon a type of information to be protected and the security procedures of the vendor. 
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17. The method according to claim 8 further including providing a rating for each vendor 
based upon the security procedures of the vendor. 
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